Method and system for protecting against illegal copy and/or use of digital contents stored on optical or other media

ABSTRACT

A method for preventing the illegal copying of a copy protected content by a computerized system by installing a driver in the operating system of the computerized system for intercepting any attempt of the I/O routines of the operating system to access the device drivers of the Operating System, producing a CRC codes for data read from devices containing original copies, producing a CRC codes for data to be written to devices, and preventing any attempt to write such data whenever the CRC code produced match a CRC code produced for read data. The protection of content stored on a recordable CD can be achieved by recording on the CD a first sA method for preventing the illegal copying of a copy protected content by a computerized system by installing a driver in the operating system of the computerized system for intercepting any attempt of the I/O routines of the operating system to access the device drivers of the Operating System, producing a CRC codes for data read from devices containing original copies, producing a CRC codes for data to be written to devices, and preventing any attempt to write such data whenever the CRC code produced match a CRC code produced for read data. The protection of content stored on a recordable CD can be achieved by recording on the CD a first session including one or more Tracks, each of which includes unique and/or nonstandard data structures. The protected content is then recorded on the CD in a concealed form together with an authentication module capable of determining the existence or non-existence of the unique and/or nonstandard data structures and capable of accessing the concealed content and reveal its content. Whenever attempting to access the CD, the authentication module is activated, and if the unique and/or nonstandard data structures are found on the CD, the concealed content is revealed and accessed.

FIELD OF THE INVENTION

The present invention relates to the field of authentication andprotection of digital content from illegal copying and use. Moreparticularly, the invention relates to a method and system forprotecting digital content stored on recordable media from illegalcopying and use.

BACKGROUND OF THE INVENTION

Optical media such as CD-ROM and DVD have become major means forsoftware storing due to the high density and reliable storage which theyprovide at a relatively low price. In the past, the piracy in thecopying of optical media like CD-ROM was negligible, as recordingmachines were available only to professionals due to their high price.In recent years, the price of recording machines capable of making aperfect copy of original, prerecorded CDs and DVDs has been reduced.Consequently, the rate of illegal copying and illegal use of softwarehas significantly increased, which resulted in significant damages tothe content owners.

Compact Disks (CD) are an optical storage media of digital information(content) widely utilized for storage of audio, video, text, and othertypes of digital content. Their reliability, efficiency and low pricemade their use very common for storage of music, movies, computersoftware and data. The content stored on the CD may be easily copied,and actually, it is accessible utilizing the basic tools of virtuallyany computer Operating System (OS). The arrival of recordable CDs(CD-R), made the pirate reproduction of CDs a very simple task.

In recent years, several copy protection technologies for optical discswere developed to fight against the increasing piracy levels. Most ofthem are based on deliberately corrupting the disc, or changing itsoptical properties. The corruption of the disc is done by professionalmastering equipment that is used in optical discs replicationfacilities. The standard optical disc recorders, that are used bypirates to make illegal copies, are not designed to corrupt the opticaldiscs, and therefore, cannot create an exact copy of the originalprotected disc. A software module that is added to the optical disc,reads the areas on the disc that should be corrupted, determines if thedisc is original or a copy and grant or deny access to the content onthe disc accordingly.

The existing copy protection technologies may be suitable for protectingagainst the copying of applications such as computer games that can bereplicated many times using one corrupted master that had been producedby replication facilities. The drawback of copy protection technologiesthat are based on intentionally corrupting the optical disc, is thatthey cannot be easily applied to recordable discs, since standardoptical disc recorders are not designed to record information oncorrupted recordable discs.

Copy protection solutions for recordable optical discs is extremelyimportant for pre-releases (Alphas, Betas, etc.) of computer games andsoftware. Content owners are used to publish pre-releases of theircontent in a limited number of copies, in order to have a field test oftheir software, which are important for reporting if there are any majorbugs that should be fixed before releasing the final version of theirproduct. Many times the pre-released copies, of copy right protecteddigital content, are copied illegally and distributed over the internet,even before the final version of the product is released to the market.The piracy of software in such an early stage, cause huge loss of salesbecause it damage the first wave of sales, which is the mostsignificant. Pre-releases are published on a very limited number ofcopies. Usually few singles to a few hundreds, and this is the reasonwhy in most cases they are published on recordable discs that areduplicated in-house by the content owner.

The ability to protect the content of optical recordable discs againstunauthorized copying is also extremely important for publishing finalversions of software in low volumes. For example, professional softwarethat is sold in a high price for a limited professional market. Inparticular, a copy protection for optical recordable discs can be wellexploited for on-demand environments, where a customer makes his ownselection of the content he wish to buy, and a disc containing all hisselections is compiled and recorded instantly.

The ability to protect the content on optical recordable discs againstunauthorized copying is also extremely important for protectingconfidential information in governmental institutes, military and evenfinancial information in banks.

In addition, such a copy protection for optical recordable discs againstillegal copying can also allow private consumers to record their owncopy protected content, on optical discs one at a time, whenever it isneeded, without needing the mass production processes carried out todayby the common mastering facilities.

The ability to protect the content of optical recordable discs againstunauthorized copying allows certain features that strengthen the copyprotection solution, and cannot be applied easily to replicated discs.For example, the ability to make each disc unique by adding uniqueserial numbers, and adding unique tracking information that can help totrack the original owners of original discs, from which illegal copieswere made. These features will be explained in details herein later.

All the prior art solutions for protecting the content of opticalstorage media such as CDs DVDs have not yet provided methods and/ormeans for protecting recordable optical discs from copying. Therefore,methods for protecting the content on recordable discs are highlyrequired to provide means for protecting the content produced byindividuals and/or which is made available in a limited number ofcopies, without needing mass production mastering processes.

It is an object of the present invention to provide a method and systemfor protecting digital content that is recorded on standard recordablediscs against unauthorized copying.

It is another object of the present invention to provide a method andsystem for protecting digital content from unauthorized copying, using arecordable disc that contains pre-burned information with intentionallyembedded logical symbols and serial numbers, that are used for the copyprotection process and for determining the authenticity of the disc andthe copy protected digital content that is stored on it.

It is also an object of the present invention to provide a method fortracking the owner of an originally recorded medium, from which apirated copy of protected digital content was made, based on a uniqueserial number that is recorded on both the original and the piratedcopies,

It is another object of the present invention to provide a softwaredriver that provides the operating systems of a computer the ability totransparently read digital content, that is stored in encrypted form onany medium, as long as the medium is a legitimate original. The driveralso designed to block any copying attempt of the encrypted content.

Other objects and advantages of the invention will become apparent asthe description proceeds.

SUMMARY OF THE INVENTION

The terms CD-R and CD-RW are used herein to refer to CDs on whichdigital content can be written by end users. The term disc is usedherein to refer CD-Rs and CD-RWs.

The term Cyclic Redundancy Check (CRC) refers to a method for producinga unique signature for data which is often used to detect errors intransmitted data.

The present invention is directed to a method and system for preventingthe illegal copying of a copy protected content by a computerizedsystem. The invention may comprise installing a software driver in theoperating system of the computerized system, where the software moduleis capable of intercepting any attempt of the I/O routines of theoperating system to access the device drivers of the operating system.Whenever an attempt to read data from the device drivers is interceptedthe following steps are performed:

-   -   an authentication test is performed to determine if the accessed        device contain an original copy, and if it is determined that        the accessed device contain an illegal copy terminating the        requested I/O operation;    -   if it is determined that the accessed device contains an        original copy allowing access to the device and calculating and        storing in the memory of the computerized system the CRC codes        of the data read from the device;

Whenever an attempt to write data to the device drivers is interceptedperforming the following steps:

-   -   calculating CRC code of the data to be written to the device;    -   if the calculated CRC code equals to one of the CRC codes that        were previously stored in the memory of the computerized system        terminating the write data attempt; and    -   if the calculated CRC code does not equal to any one of the CRC        codes that were previously stored in the memory of the        computerized system allowing the write data to be performed.

The data stored on the I/O devices may be stored in an encrypted formand the invention may therefore further comprise decrypting theencrypted data whenever it is determined that the accessed devicecontains an original copy. Optionally, the decryption keys may beobtained from the I/O device from which the encrypted data was read.

The invention is also directed to a method and system for protectingcontent stored on a recordable CD. The values of the disc ID and theLead-in start time of the recordable CD are used for generating anencryption key which is utilized for encrypting the content that shouldbe stored on the CD using. The encrypted content is written to therecordable CD, and whenever an attempt to read the content of the CD thefollowing steps are performed:

-   -   the values of the disc ID and the Lead-in start time are read        from the CD;    -   a decryption key is generated from the read values; and    -   the content of the CD is decrypted with the generated decryption        key.

Optionally, the same key is used for carrying out the encryption and thedecryption of the protected content.

The illegal copying of a copy protected content by a computerized systemmay be also prevented by setting a flag to a logical ON state wheneveran active process attempts to read data from the content, where the flagis generally in a logical OFF state and it is associated with theprocess, and checking the status of the flag associated with a processattempting to output data and preventing the data output if the flag isin the logical ON state.

The present invention is also directed to a method and system forprotecting the content stored on a recordable CD which comprise apre-burned first session including one or more Tracks, each of whichincludes unique and/or nonstandard data structures. The protectedcontent is recorded on the CD in a concealed form together with anauthentication module capable of determining the existence ornon-existence of the unique and/or nonstandard data structures andcapable of accessing the concealed content and reveal its content. Theauthentication module is activated whenever attempting to access the CD,and if the unique and/or nonstandard data structures are found on the CDthen the access to the concealed content is allowed.

The unique and/or nonstandard data structures may comprise Rom SyncShifts, Digital Silence, Link Blocks, and/or Predetermined Rom Skewvalues. The recordable CD may further comprise unique serial numbersstored in predetermined locations within the one or more Tracks. Theunique serial numbers may include one or more unique copy-seal serialnumbers, which are stored in predetermined locations in the User Data ofpredetermined data frames within the Tracks, and one or more uniquecopy-authentication serial numbers which are stored in predeterminedlocations in the Sub Channels of predetermined data frames within theTracks.

The copy-seal and/or copy-authentication serial numbers may be used toidentify the original copy of the protected content which was used forthe copying of a pirate copy. In a preferred embodiment of the inventiona unique copy-seal and copy-authentication serial numbers are used foreach and every recordable CD, and the bits of the copy-authenticationserial numbers are stored in the Copy Permit/Prohibit bit of the QSub-Channel of a sequence of predetermined data frames within the one ormore Tracks.

According to another preferred embodiment of the invention copyprotected storage mediums are produced by: writing data into a first setof a predetermined number of consecutive sectors having consecutiveaddresses; following the first set writing different data into a secondset of the same predetermined number of consecutive sectors having thesame consecutive addresses as the first set, such that any attempt tocopy the medium results in copying only one of the sets.

Optionally, the copy protected storage mediums are produced by:designating a sector address as a starting location for writingauthenticating data sectors; following the starting location writingdata into a first set of a predetermined number of consecutive sectorshaving consecutive addresses; following the first set, writing differentdata into a second set of the same predetermined number of consecutivesectors having the same consecutive addresses as the first set; andfollowing the second set, designating a sector as an ending location andsetting the address of the sector to the consecutive address followingthe first set, such that any attempt to copy the medium results incopying the starting location sector, one of the sets, and the endinglocation sector.

The authenticating of the copy protected storage mediums can be carriedout by: reading the data of the first set of sectors and producing anidentifier for each read sector; reading the ending location sector;reading the sectors preceding the ending location sector in a descendingorder, producing an identifier for each read sector, and comparing theidentifier to the identifier previously produced for the correspondingsector in the first set; indicating that the storage medium is originalwhenever it is determined that the identifiers which were produced forcorresponding sectors mismatch, and if it is determined that theidentifiers match indicating the medium being a copy.

The invention is also directed to a copy protected recordable CD. Thecopy protected recordable CD comprises:

-   -   a) a pre-burned session comprising one or more Tracks;    -   b) unique and/or nonstandard data structures in the User Data        field and/or the Sub Channels of predetermined frames within the        Track, where only portion of the data structures can be copied        by conventional recorders; and    -   c) one or more additional sessions comprising content encrypted        by an encryption key which is generated from values obtained        from the data structures; and    -   d) a software module capable of identifying the existence or        non-existence of the data structures in the first session of a        CD and determining if the CD is an original or a copy, whenever        an original CD determination is obtained the software module        generates a decryption key from values obtained from the data        structures and decrypts the content of the additional sessions.

According to a preferred embodiment of the invention the one or moreTracks are recorded in different Subcode Formats. Optionally, the uniqueand/or nonstandard data structures may comprise Rom Sync Shifts, DigitalSilence, Link Blocks, and/or Predetermined Rom Skew values. The copyprotected recordable CD may further comprise unique serial numbersstored in predetermined locations within the one or more Tracks, wheresaid serial numbers includes:

-   -   one or more unique copy-seal serial numbers, which are stored in        predetermined locations in the User Data of predetermined data        frames within the Tracks; and    -   one or more unique copy-authentication serial numbers which are        stored in predetermined locations in the Sub Channels of        predetermined data frames within the Tracks.

According to another preferred embodiment of the invention the copy-sealand/or copy-authentication serial numbers are used to identify theoriginal copy of the protected content which was used for the copying ofa pirate copy. According to yet another preferred embodiment of theinvention the unique copy-seal and copy-authentication serial numbersare used for each and every recordable CD. The bits of thecopy-authentication serial numbers may be stored in the CopyPermit/Prohibit bit of the Q Sub-Channel of a sequence of predetermineddata frames within the one or more Tracks.

According to another preferred embodiment of the invention the copyprotected recordable CD comprises a pre-burned session comprising one ormore Tracks including predetermined locations within the one or moreTracks which comprise one or more unique copy-seal serial numbers, whichare stored in predetermined locations in the User Data of predetermineddata frames within the Tracks, and one or more uniquecopy-authentication serial numbers which are stored in predeterminedlocations in the Sub Channels of predetermined data frames within theTracks.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings:

FIG. 1 schematically illustrates the data structure of CD frames;

FIG. 2 schematically illustrates structure of CD sessions and tracks;

FIG. 3 schematically illustrates the Multi-Session Layout;

FIG. 4 schematically illustrates the data structure of the QSub-Channel;

FIG. 5 shows the structure of recordable CDs;

FIG. 6 shows the structure of the Link Blocks;

FIG. 7 shows the Sony and the Phillips Subcode Formats;

FIG. 8A is a block diagram illustrating the data flow in a computeroperating system in which the content protection driver of the inventionis installed;

FIG. 8B is a flowchart illustrating the installation process of thecontent protection driver of the invention;

FIGS. 8C and 8D are flowcharts illustrating the operations preformed bythe content protection driver of the invention;

FIG. 9 is a flowchart illustrating a method for determining if a CD isan original utilizing unique Identification Marks that exist on anyrecordable disc;

FIGS. 10A and 10B are flowcharts illustrating a method for determiningif a CD is an original by checking the existence and format ofintentionally embedded logical symbols

FIG. 11A is a flowchart illustrating a method for protecting digitalcontent from illegal copying by means of encryption, utilizing arecordable disc with pre-burned information according to the presentinvention;

FIG. 11B is a flowchart illustrating a method for decrypting protecteddigital content that is stored on a recordable disc with pre-burnedinformation according to the present invention;

FIG. 12A is a flowchart illustrating a method for protecting digitalcontent on a standard recordable disc, from illegal copy and use, bymeans of encryption;

FIG. 12B is a flowchart illustrating a method for decrypting protecteddigital content that is stored on a standard recordable disc, and wasprotected using the process illustrated in FIG. 12 a

FIG. 13A schematically illustrates the layout of a recordable disc,which includes pre-burned information containing intentionally embeddedlogical symbols and serial numbers;

FIG. 13B schematically illustrates the structure of the pre-burnedinformation that is recorded on the disc illustrated using FIG. 13 a;

FIG. 14 is a flowchart illustrating a method for tracking contentmanagement and protecting digital content from illegal copy and use bymeans of encryption, using recordable discs with unique serial numbers;

FIG. 15 is a flowchart illustrating a method for tracking pirates thatmake illegal copies of digital content that is stored on recordablediscs with unique serial numbers;

FIG. 16 schematically illustrates the use of the present invention byany content owner that wish to protect its content from illegal copying;

FIG. 17 is a block diagram illustrating the structure of a VirtualDigital Hologram in a preferred embodiment of the invention; and

FIG. 18 is a flow chart illustrating a process for authenticatingstorage media utilizing the Virtual Digital Hologram of the invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

Copy protection for software is usually implemented by integrating anauthentication procedure into the software, that checks if the mediumthat the software is stored on is original. The execution of theprotected software is carried out whenever it is determined that thestorage medium that is being used is original, and it is terminatedwhenever it is not so.

The copy protection of digital content other than software (e.g., text,music) cannot be protected using such techniques, since the access tosuch content usually does not involve initiating any process originatedfrom the storing media, and therefore it is accessed in the same mannerwhether the storing medium is original or not. The present inventionprovides an architecture for a software driver (hereinafter will be alsoreferred to as content protection driver), that is installed in theoperating system and adds support for reading encrypted content from anymedium as long as it is original. The process of decrypting the contentis fully transparent to the end user. The media may contain any type ofcontent such as MPEG video files or MP3 audio files. This content may beused in a normal way, for example by playing the video and audio fileswith any player that may be installed on the users computer. However,any copying attempt of the content will be blocked by the contentprotection driver.

The content is preferably stored on the protected media in an encryptedform. The protection of the stored content is carried out by the contentprotection driver, that intercepts any reading and/or writing operationsinitiated from the user's computer. When the storing media, on which theencrypted content is stored, is accessed, the content protection driververifies that the media is original by using one or more of theauthentication methods that are described herein. If the storing mediais indeed original, the content protection driver decrypts theinformation that is read from the media, and calculate a CyclicRedundancy Check (CRC) code for that read operation. The contentprotection driver stores in the computer's memory the calculated CRCcodes of several read operations that have been performed recently. Whenthe content protection driver intercept a write operation, it calculatesthe CRC code for the information that should be written. If the CRC codethat was calculated for the information to be written matches one of thelast CRC codes of the read operations that are stored in the computermemory, the content protection driver blocks the write operation, orwrites faked content instead (e.g., random data).

This unique method solves the problems of many existing contentprotection/encryption methods, wherein it is impossible to use a fullytransparent system for decrypting the encrypted content and allow anyprogram to use it. Most of the content protection methods which arebased on storing encrypted content requires the user to enter some codeor use an external device that holds the decryption keys which enablesaccessing the encrypted content. The main problem in a fully transparentsystem is that any active process capable of accessing the OS resourcescan also gain access to the encrypted content, and therefore any copyingsoftware is also capable of doing the same i.e., reading and copying theprotected content. For example, a fully transparent system will allowthe windows explorer of a MS-Windows operating system to read theencrypted content that can then be written to a different medium.

Copy protection system usually includes an authentication process thatis used for determining if the storing medium that is used is originalor not. Based on the result of this authentication process the access tothe protected content is granted or denied. The present inventionprovides two different methods for determining if the medium is originalor not. The methods that will be described hereinafter were particularlyadapted for optical recordable discs.

The authentication process of the first method is preformed to standardrecordable discs, utilizing unique Identification Marks that exist onany recordable disc.

The authentication process of the second method is mainly based on thefact that two different discs that contains the same content, but wererecorded using different recorders, and maybe even different recordingmethods, essentially have some minor differences between them. Theauthentication method of the present invention, exploit said differencesto determine if the disc that is used is original, or a copy made by adifferent recorder and maybe even by using a different recording method.

The authentication process of the second method is performed to standardrecordable discs that have a pre-burned area which includesintentionally embedded logical symbols and unique serial numbers. Theauthentication process is designed to read information from thepre-burned area and use it to determine if the disc is original or not.As will be explained, the serial numbers that are embedded into thediscs, are unique for each and every disc, although the same informationmaybe recorded on the discs. Should an illegal copy be found, the serialnumbers may also be used to identify the owner of the original disc,from which the copy was made.

As will be understood by those skilled in the art, the authenticationmethods of the present invention, can be integrated into processes ofalmost any software. While the software run, the authenticationprocesses are carried out to determine if the medium on which it isstored is an original medium or not, and its operation is continued orterminated accordingly. Additionally, these authentication methods canalso be integrated into the authentication procedures of the contentprotection driver of the present invention, in order to provide a copyprotection mechanism which is also suitable for any type of digitalcontent other than software, by utilizing encryption means.

A typical recorded CD media consists from a succession of CD frames.FIG. 1 schematically illustrates the structure of a CD frame 100. EachCD frame 100 comprises a Main Channel 110 consisting of 2352 bytes, andof a 98 bytes of sub channel data 120. CD frames are addressed in termsof audio play time, i.e. Minutes, Seconds, and Frames (MSF). Thetraditional value of 60 seconds per minute is followed.

The structure of the main channel block 110 is determined by the type ofinformation that is recorded on the CD. Audio, computer data and videocontent have different main channel block structures. The main channelblock 110 shown in FIG. 1 is a mode 1 data block, that is used forcomputer data, as defined in the Phillips' Yellow Book standard. Thesync field 111, contains 12 bytes which holds a synchronization pattern.The Header field 112, contains 3 bytes value that represents the address(also known as absolute time ATIME) of the current CD frame in MSFformat, and 1 byte value that represents the main channel block mode,which is mode 1 in this case. The EDC field 114, is a 4 bytes CIRC(Cross-Interleaved Reed-Solomon Code) codeword that is used for errordetection and is calculated using the information stored on the Sync111, Header 112 and user data 113 fields. Field 115 consists of 8 bytesthat are reserved and set to zero. The ECC field 116 consists of 276bytes that are used for error correction of corrupted information in theSync 111, Header 112, and User Data 113 fields. These fields (111, 112,114, 115 and 116) are also known as control fields, and they consume 288bytes, which leaves a total of 2048 bytes for the user data in the userdata field 113.

The synchronization pattern of the main channel of a disc (Sync 111)typically occurs every 2352 bytes (at the beginning of each CD frame).However, the distance between two consecutive synchronization patternsmay be less or greater than 2352 bytes. This phenomenon is known as RomSync Shift and it usually appears due to errors in the manufacturingprocess of CD-ROM masters. Recording devices are typically not designedto create Rom Sync Shifts. According to the present invention,intentionally embedded Rom Sync Shifts are utilized to authenticate acopy protected recordable disc, as will be shown and explained hereinlater.

The Sub Channels field 120, consists of 2 synchronization bytes and 96bytes of Sub Channels information. Each Sub-Channels information byte121 is divided into 8 Sub-Channel bits labeled using the letters P to Waccording to their bit position, as shown in FIG. 1. Each Sub-Channelconsists of 12 bytes per CD frame (96 bits). The P and Q sub-Channelsprovide information about the recording. The R-W Sub-Channels aredefined only for audio CD frames.

All the information in the frame's main channel 110, except to the Syncfield 111, is scrambled. The scrambling is preformed by XORing theinformation of the main channel 110 with predetermined values. Wheninformation is read from the disc, the reading device automaticallyunscramble the information before sending it to the reading application.A sequence of one or more CD frames that contains zeros on all fieldsafter scrambling is called “digital silence”. Standard discs typicallydo not contain digital silences. As will be explained herein later,these “digital silence” frames can be used to authenticate a copyprotected recordable discs according to the method of the invention.

The information on a disc is recorded in a logical structure calledsession. A session is divided into 3 logical entities beginning from theinner radius of the disc and continuing toward its outer edge. FIG. 2schematically illustrates the structure of a CD session 2000. TheLead-in, field 2100, is a zone of protection for preventing readingsfrom unrecorded areas near the disc center, it signals the drive thebeginning of the recorded area. The Lead-in 2100 also contains the Tableof Contents (TOC) for the Program Area 2200. The Program Area field 2200is also known as the user area of the disc. For example, on an audio CD,this is where the music is recorded. The Lead-out field 2300 is a zoneof protection for preventing readings from unrecorded areas toward thedisc's outer edge, it signals the drive the ending of the recorded area.

The Program Area 2200 is divided into logically separated areas calledtracks 2210. There should be at least 1 track 2210 in the Program Area2200. Each track 2210 contains 2 pause areas. The Pre-Gap, field 2211,and the Post-Gap, field 2213. The length of each of said pause areas is150 CD frames. The P Sub-Channel is reserved for identifying the gaps.The value of the P Sub-Channel in the Program Area is 0 its value is setto 1 in the Gaps areas 2211 and 2213. The data frames within the ProgramArea, field 2212, are used for storing the user content e.g., computerfiles.

When writing to a standard recordable disc, using a standard recordingdevice, the Pre-Gap area 2211 of each track is filled with CD framesthat contain zeros (frames in which all the bytes of the User Data 113holds zero values) or Track Descriptors, depending on the recorder thatis used. Track Descriptors are used to describe the track in which theyare written and they contain information such as the length of the trackand the recording method that is used to record the track. The TrackDescriptors have no affect on the functionality of the disc, and asmentioned above some recorders may even write in the Pre-Gap area 2211CD frames that contain zeros in the User Data field 113 instead of TrackDescriptors.

A session is constructed from the following recorded sequence: Lead-in2100, Tracks Area 2200, and Lead-out 2300. However, there is also amulti-session technique which allows a single disc to have severalconcatenated sessions. As will be discussed hereinafter this mode can beexploited for the construction of a copy protection scheme forrecordable optical discs

The first frame of a blank recordable disc starts at a negative addresswhich its value depends on the disc manufacturer. This start address isalso known as the “Lead-in Start Time”. A negative address in MSFaddressing is defined as a count down from address 00:00:00, forexample, the address −1 is represented as 99:59:74. The Program Area2200, always starts at address 00:00:00 (MSF). Therefore, the length ofthe first Lead-in is varying in different disc brands. The time lengthsof the subsequent Lead-ins (e.g., session No. 2 and above) are typically60 seconds long. A blank recordable disc also has a unique 32 bitsnumber that is recorded on it. This number is called the Disc ID. TheDisc ID and the Lead-in Start Time can be read by using the standardMulti Media command ‘Read Disc Information’ as defined in the SCSI MMC-3standard (NCITS. 360:2002.)

Typical CD-ROM devices are not capable of reading through unrecordedareas on the medium. This means that to ensure that a CD-ROM device iscapable of accessing all areas of the Program Area 2200, the ProgramArea 2200 needs the Lead-in 2100 and Lead-out 2300, protection zones. Ona recorded disc, sessions may appear as shown in FIG. 3.

FIG. 4 schematically illustrates the structure of the Q Sub-Channel.Each CD frame contains 98 bits of Q Sub-Channel information. Field 410contains the 2 synchronization bits of the 2 Sub Channel synchronizationbytes of the frame. Field 420 contains 4 control bits that are used todescribe the content type of the CD frame. The control field includesthe Digital Copy Permit/Prohibit bit 421, which is used to indicatewhether or not the content owner allows making copies of the contentstored on the current track indicated by the TNO field 441. Typically,all the CD frames within the same track 2210 have the same value intheir Digital Copy Permit bit 421. The value of this bit is usually setfor each track by the content owner, via the writing software, beforewriting the content to the CD. The ADR, field 430, contains 4 bits thatdefine the content of the 72 data bits in field 440 and is known as the‘Q Mode’. The remaining 16 bits in field 450 are used to store a CRCcode for the Control 420, ADR 430 and data 440 fields. The only Q Modethat is relevant to the present invention is Q Mode 1. At least 9 out of10 successive CD frames in the Track Program Area 2212 of a data CDsession, hold Q Mode-1 information.

Fields 441 to 449 in FIG. 4, are the 9 bytes that construct the datafield 440 of Q Mode-1. The TNO, field 441, holds the track number inBCD. The INDEX field 442 is used for indexing the frames within thetrack according to the track section to which they belong. The value ofthe INDEX field in the first track should be 01. In the Pre-Gap of theTrack 2210, the track number TNO 441 is the number of the current track,and the value of the INDEX field 442 is 00. Fields 443 to 445 (MIN, SEC,FRAME) are used to denote the relative time of a frame 100 within theTrack 2210, which is also known as RTIME (encoded as 6 BCD digits). TheRTIME of the first frame in the Track 2210 is 00:00:00 and its value isadvanced in each frame 100 through the Track, as shown in FIG. 7. In thePre-Gap 2211 the RTIME value of each successive frame is decreased. TheZERO field 446 is reserved and set to zero. Fields 447 to 449 (AMIN,ASEC, AFRAME) are used to denote the absolute time address of the frameswithin the program area, which is also known as ATIME (expressed in 6BCD digits).

FIG. 5 schematically illustrates the layout of recordable discs. CD-R/RWdiscs have two additional areas prior to the first Lead-in, the PowerCalibration Area (PCA), and the Program Memory Area (PMA). The PCA ispresent only in CD-R and CD-RW media for the purpose of write powercalibration. The PCA is divided into two areas: the test area and thecount area. The PMA is present only in CD-R and CD-RW media for thepurpose of accounting for the usage of user data areas on the medium.Whenever the recording is stopped, the recorder automatically adds arecord to the PMA with the exact address of the next writeable CD frame.

Before starting a write operation, the “write mode page” parameters ofthe recording device must be set. The “write mode page” is an internalparameter table, that is used to control the writing functionality ofthe recording device e.g., the writing method, writing speed, the typeof content that is written (Audio, Data, etc.).

There are 3 basic methods of writing to a recordable disc. Track At Once(TAO), Session At Once (SAO) and Disc At Once (DAO).

When writing information in TAO, each track is recorded in separaterecording operation and the laser beam of the recorder is turned offafter the recording of each track is completed. When writing in SAO, allthe tracks in each session are recorded in an uninterrupted operation,and the laser beam of the recorder is not turned off after recordingeach track. Each session is still recorded in a separate operation, andthe laser beam is turned off only after the recording of each session iscompleted.

DAO is the only true uninterrupted recording method. When writing inDAO, all the information on the disc from the first Lead-in to the lastLead-out, will be recorded in one uninterrupted operation withoutturning off the laser beam until the last session is written. As will beexplained herein later, the writing method affects the structure of thedata on the disc. To gain a better understanding of these effects, thefollowing terms should be explained:

-   Link Blocks—these are CD frames (100) that are automatically written    by the recording device when the laser beam is turned on and before    it is turned off. The Link Blocks are used by the recorders as a    linkage for appending new recording information, and by the reading    devices for finding the exact boundaries of the CD frames 100. It    should be noted that it is impossible to prevent the recorder from    writing the Link Blocks by software means.    -   FIG. 6 schematically illustrates the layout of Link Blocks 601        and 602. When the laser beam is turned on, the CD recorder        writes the following 5 CD frames (601): 1 link frame; and 4        Run-in frames (Run-in 1, Run-in 2, Run-in 3 and, Run-in 4).        Before the laser beam is turned off, the recorder writes 2        Run-out frames (602: Run-out 1 and Run-out 2). For example, when        writing in the TAO writing method, the laser beam is turned on        and off before and after the recording of each track, and in        this case, the Recorded Information field 600 (shown in FIG. 6)        represents a CD Track 2210. When writing in the SAO writing        method, the laser beam is turned on and off before and after the        recording of each session, and in this case, Link Blocks 601 and        602 will be written only between Sessions 2000, and in this case        the Recorded Information 600 represents a CD Session 2000.        However, when writing in the DAO writing method, the laser beam        is turned on and off only once, and therefore Link Blocks 601        and 602 will not be written between Tracks 2210 or Sessions        2000.-   Rom Skew—this is the time difference between the ATIME in the Q    Sub-Channel 400, and the ATIME in the Main Channel Header field 112.    A CD reader uses the Q Sub-Channel 400 to seek to any location on    a CD. Once the address is found in the Q Sub-Channel, the reader    switches to the Main Channel and searches in the Header of the frame    for the same ATIME address. High value of Rom Skew will result in a    slow read accesses, while negative value may cause serious    incompatibility issues with existing CD readers. The Rom Skew number    for a given disc is the result of the decision an encoder makes    while creating that disc, whenever using an encoder in standard CD    writer, or an encoder that drives professional mastering equipment    in a CD manufacturing facility.-   Subcode format—The Subcode format relates to the format of the RTIME    frame addresses in the region of a track in which the value of the    index field is 0 (the Pre-Gap 2211). There are 2 possible Subcode    formats, Sony and Philips. The main differences of these Subcode    formats are shown in FIG. 7. The RTIME value of successive frames is    specified to decrement within the region of the track in which the    value of the index field is 0. In the Philips format the value of    the RTIME is decremented down to 00:00:01 (MM:SS:FF) and and it    reaches 00:00:00 value only when it reaches a frame in which the    value of the index field is 1 (in the Track Program Area 2212). At    that point, the value of the RTIME is incremented by one in each    successive frame. On a disc that is written utilizing the Philips    Subcode format, there is only one frame having RTIME value of    00:00:00, this is the frame where the value of the index filed    changed from 0 to 1. In the Sony format the value of the RTIME is    decremented down to 00:00:00 in successive frames in which the value    of the index field is 0, and the RTIME value of the first frame of    the Track in which the value of the index field is 1 is also    00:00:00. At that point, the RTIME value begins to increment by one    in each successive frame. On a disc that is written with the Sony    Subcode format there are two RTIME values of 00:00:00 in a Track,    where the transition of value of the index field form 0 to 1 occurs.    Like the Rom Skew, the Subcode format of a disc is determined by the    encoder that is used to record the disc.

FIG. 13A illustrates the structure of a recordable disc with apre-burned area that contains intentionally embedded logical symbolsaccording to the preferred embodiment of the invention. The disc 1300,is a standard recordable disc in which a portion of pre-burnedinformation, marked as 1301, is added by burning the first session ofthe disc with a unique pattern, as will be described hereinbelow. Thepre-burned information 1301 is added in a way which allows addingadditional information to the recordable area 1302 of the disc 1300 inone or more sessions by means of burning using any standard recorder.This is achieved by leaving the disc “open”. In a multi-session disc, itis possible to add additional sessions as long as there is enough freespace on the disc and the disc is “open”. In order to leave the disc“open”, the burning software must specify the next possible writeaddress in the Lead-in of the last recorded session. If this value ismissing or set to FF:FF:FF then the disc is closed and it is notpossible to add additional sessions to it.

FIG. 13 b illustrates the structure of the pre-burned information 1301.The pre-burned information 1301 is a session with two tracks, Track 1and Track 2. The Pre-Gap of the first track 1331, includes CD frameswith the following intentionally embedded logical symbols:

-   -   False Track Descriptors—The Pre-Gap 1 field 1331, contains        several CD frames with Track Descriptors that intentionally        describe Track 1 improperly and do not correspond with standard        recording methods. When making a copy of the disc 1300, these        false Track Descriptors will be replaced by zeros or new Track        Descriptors that describe properly the track and the recording        method that is being used.    -   “Custom Information” in the Pre-Gap area—The Pre-Gap 1 field        1331 of the pre-burned information, contains several CD frames        which includes unique patterns which are termed herein as        “Custom Information”. The “Custom Information” patterns do not        conform with the conventional Track Descriptor structure. When a        copy attempt of a disc including these “Custom Information”        patterns is carried out, the recorder will typically replace        these “Custom Information” patterns with zeros or legitimate        Track Descriptors, depending on the recorder and the recording        method that is being used.

In a preferred embodiment of the invention the Track Program Area ofTrack 1, field 1341, includes CD frames with the following intentionallyembedded logical symbols:

-   -   The CD frame located at the relative address 00:02:16 of the        first track, Track 1, contains an Identification Mark(s), in        fields that are unused according to the ISO 9660 standard.        According to the ISO 9660 standard, this specific frame address        is used for storing miscellaneous data regarding the        recorded CD. The existence of these Identification Marks        indicates that the disc 1300 is a copy protected recordable        disc, according to the present invention, on which copy        protected and encrypted digital content may be stored.    -   Digital Silence—Standard recording devices are not designed to        record CD frames with Digital Silence. When making a copy of the        disc 1300, the Digital Silence frames will not be copoed, due to        the reformatting of the CD frames that is preformed by the        internal encoder of the recording device.    -   Rom Sync Shift—Recording devices are not designed to record CD        frames with Rom Sync Shifts. Whenever attempting to copy the        content of the protected disc 1300, the synchronization pattern        111 (shown in FIG. 1) of each CD frame that exhibits a Rom Sync        Shift, is restored to conform with the sync pattern 111.    -   Serial#A—Two Unique serial numbers are added to the pre-burned        information 1301. The first one, Serial#A (copy-seal), is        written into one or more CD frames of the Program Area of        Track 1. Serial#A is written as standard information in the User        Data field of the CD frame (field 113 in FIG. 1). This assures        that Serial#A will be transferred to any copy of an original        disc that is made. Since the pre-burned information 1301 is        added to the disc by means of recording and therefore it is        possible to write a unique Serial#A to each protected disc that        is being recorded. Serial#A is utilized for tracking pirates as        will be explained hereinafter.    -   Serial#B—The individual bits of the second serial number,        Serial#B (copy-authentication), are written to the Digital Copy        Permit bits 421 of a sequence of several CD frames in the Track        Program Area (2212) of Track 1. In this way one bit of Serial#B        is written to the Digital Copy Permit bit 421 of each CD frame        in a sequence of frames in Track 1. Thus, the Track 1 that is        burned in the first session of the copy protected CD is set to        contain several CD frames having varying values in their Digital        Copy Permit bits 421. Whenever an attempt to copy the content of        the copy protected disc 1300 is made, the varying values of        these bits (421) (on the original disc 1300) will be replaced        with one constant value for all of the Digital Copy Permit bits        421 in Track 1 of the recorded copy.

According to one preferred embodiment of the invention, the Pre-Gap 1,1331, of Track 1 is recorded according to the Philips Subcode format,while Pre-Gap 2, 1361, of Track 2 is recorded according to the SonySubcode format. In this way, whenever an attempt to copy the content ofthe copy-protected disc 1300 is made, both Pre-Gap areas, 1331 and 1361,of the recorded copies will be recorded according to one Subcode formatthat is determined by the recording device.

The pre-burned information 1301 also contains Link Blocks betweenPost-Gap 1, 1351, of Track 1, and the Pre-Gap 2, 1361, of Track 2.Additional false Link Blocks are intentionally written in the middle onthe Track Program Area (2212) of Track 1, where Link Blocks are notwritten when using standard recorders and recording methods. These LinkBlocks are fake Link Blocks that are written instead of standard CDframes within the Program Area of track 1. When making a copy of thedisc 1300, Link Blocks are written according to the recording methodthat is used to make the copy. Therefore, the false Link Blocks withinthe Track Program Area of Track 1 will not be copied to the recordedcopy. Additionally, the Link Blocks between field 1351 and field 1361may not appear on the copy as well if the copy is recorded in one of theuninterrupted recoding methods (SAO or DAO).

Each of the Link Blocks in FIG. 13B comprise a sequence of blocks, 602and 601, each of which has the structure as shown in FIG. 6. It shouldbe noted that these recorded structures can not be read by conventionalCD readers. Therefore, any attempt to copy such recorded structures willresult in the recording of unpredictable content. Of course, additionalLink Blocks may be generated by the recorder depending on the recordingmethod that is used to record a copy.

Except for the logical symbols that are listed above, the PMA area ofthe disc 1300, contains intentionally embedded false PMA Entries 1311that do not match the layout of the disc. An example for a false PMAentry is one that lists an address of a CD frame that is within theTrack Program Area of track 1. This is not a true PMA entry because PMAentries are written only when the recording is stopped and recorders arenot designed to stop the recording in a middle of a track, and thencontinue the recording within said track. When attempting to make a copyof the disc 1300, the recorder will add to the copy, PMA Entries thatmatch the disc layout and the recording method, and the false PMAEntries will not exist on the copy.

These intentionally embedded logical symbols, together with the Disc ID,the Lead-in Start Time and the Rom Skew value of the pre-burnedinformation, are used to authenticate original discs and for protectingdigital contnet from illegal copying and use by means of encryption. Thecontent to be protected is added to the recordable area 1302, as will beexplained hereinafter.

FIG. 9 illustrates a process of authenticating a recordable CD,utilizing unique Identification Marks that exist on any recordable disc.The process starts in step 900 in which the Disc ID is read from thedisc. In step 902 the Lead-in start time is read from the CD. In step903 the values that were read in steps 900 and 902 are compared to theexpected values that should be read from an original CD. If the readvalues equal to the expected values, then the CD is an original.Otherwise, the CD is a copy. By using an authenticating software whichcarries out this authentication process, where said authenticatingsoftware is provided with the Disc ID and the Lead-In Start Timeexpected values, it is possible to determine if the medium on which saidauthenticating software is stored is original, and continue or terminateits operation accordingly.

FIGS. 12A and 12B illustrates a method for protecting digital contnetstored on a standard recordable disc from illegal copying by means ofencryption. FIG. 12A illustrates the encryption process and FIG. 12Billustrates the decryption process that takes place whenever protectedcontent is read from a disc produced by the protecting methodillustrated in FIG. 12A.

The encryption process starts in step 1200 in FIG. 12A, in which theDisc ID and the Lead-in Start Time are read. In step 1202 the expectedvalues of the authentication process (shown in FIG. 9) are set. Theexpected values are used by the authentication process that isintegrated into executable program files, as shown in step 903 of theprocess illustrated in FIG. 9. Step 1202 is carried out by replacingfixed values within the executable program files with the actual Disc IDand Lead-in Start Time values of the disc to which the files are aboutto be written. In step 1203 an encryption key is generated using theDisc Id and the Lead-in Start Time. The encryption key is generated bymanipulating the Disc Id and the Lead-in Start Time values utilizingmathematical and/or logical operations, and/or by utilizing somepredetermined sequence of permutations acted on said values or on theresult of a mathematical and/or logical operations performed upon them.For example, the encryption key may be generated by XORing the Disc Idand the Lead-in Start Time values.

In step 1204 the content that is about to be written (i.e., the actualcontent to be stored) is encrypted using the encryption key that wasgenerated in step 1203. In step 1205 the encrypted content is written tothe disc (CD). The encrypted content on the recorded copy become uselessin any attempt of making a copy of a disc that contains encryptedcontent utilizing this method. In order to properly decrypt and use theencrypted content, the exact Disc Id and the Lead-in Start Time valuesare needed. The chances that the copied disc have the same Disc Id andLead-in Start Time as the original, are negligible.

FIG. 12B illustrates the decryption process that takes place wheneverreading the encrypted content from the disc. In step 1211 the requiredencrypted content is read from the disc. In step 1212 the Disc ID andthe Lead-in Start Time are read from the disc. In step 1213 a decryptionkey is calculated using the Disc ID and Lead-in Start Time. Thecalculation process that is used in step 1213 to obtain the decryptionkey is identical to the process utilized in the generation of theencryption key is step 1203. In step 1214 the required content that wasread-in step 1211 is decrypted using the decryption key that wascalculated in step 1213. If the disc is original then its Disc ID andLead-in Start Time values will be used to generate the proper decryptionkey and the content will be decrypted properly. If on the other hand thedisc is a recorded copy then the Disc ID and Lead-in Start Time valuesshould be different from the respective values ont eh original, andtherefore, the decryption key that is calculated by the authenticationsoftware in step 1213 in such case will be the wrong key, and thus theprotected content will not be decrypted properly.

FIGS. 10A and 10B illustrates an authentication process that isperformed to a recordable disc that has pre-burned 1301 informationaccording to the present invention, as illustrated in FIGS. 13A and 13B.The process starts in step 1000 in FIG. 10A, in which the first Pre-Gaparea, field 1331 (shown in FIG. 13B), is scanned for the false TrackDescriptors and Custom Information that exist on an original copyprotected disc 1300. In step 1001 it is checked if the expected TrackDescriptors and the Custom Information were found during the scanningthat were preformed in step 1000. If it is determined in step 1001 thatthe expected Track Descriptors and the Custom Information were not foundthen it is determined that the disc is a copy. Otherwise, the control ispassed to step 1002.

In step 1002 the CD frames of the Track Program Area of track 1 (field1341), which exits on an original disc and which should containintentionally embedded Digital Silence, are read from the disc. In step1011 it is checked if the CD frames that were read in step 1002 containDigital Silence. If the frames containing Digital Silence were notfound, then it is determined that the CD is a copy. Otherwise, if it isdetermined that the CD frames that were read in step 1002 containDigital Silence, then the control is passed to step 1003, in which theCD frames that should contain intentionally embedded Rom Sync Shifts inthe Program Area of track 1 on an original disc are read. In step 1012it is checked if there are Rom Sync Shifts within the CD frames thatwere read in step 1003. If it is determined that there are no Rom SyncShifts, then it is determined that the CD is a copy. Otherwise, if thereare Rom Sync Shifts, then the control is passed to step 1004, in whichthe Subcode formats of the first two Pre-Gaps on the disc, fields 1331and 1361, are determined. In step 1013 it is checked if the said twofirst Pre-Gaps on the disc have the same Subcode formats. If it isdetermined that the two Pre-Gaps have the same Subcode format, then itis determined that the disc is a copy. Otherwise, if the differentSubcode formats are found on said two Pre-Gaps, then the control ispassed to step 1005 in FIG. 10B through {circle around (4)}.

In step 1005 in FIG. 10B the pre-burned information 1301 is scanned forthe expected Link Blocks. In step 1014 it is checked if the expectedLink Blocks were found in the scan preformed in step 1005. If they werenot found, then it is determined that the disc is a copy. Otherwise, ifthe Link Blocks were found on the disc, then the control is passed tostep 1006, in which the PMA Entries of the disc are read from the PMAarea of the disc. In step 1015 it is checked if the expected false PMAEntries exist on the disc. If the false PMA entries are not present onthe disc, then it is determined that the disc is a copy. Otherwise, ifthe false PMA entries are present on the disc, then the control ispassed to step 1007 wherein the value of the Rom Skew of the pre-burnedinformation 1301 are checked. In Step 1016 it is checked if the actualRom Skew value that was determined in step 1007 is equal to the expectedvalue that should exist on an original copy protected disc. If it is notso, then it is determined that the disc is a copy. Otherwise, if the RomSkew value that was determined in step 1007 equals to the expected valuethen it is determined that the disc is an original.

The authentication process illustrated using FIGS. 10A and 10B, includesall the authentication tests of the present invention. It is notnecessary to perform all of these tests to determine the originality ofa copy protected disc, One may of course choose to use a less robustauthentication procedure that is based on part of the described tests.

FIGS. 11A and 11B illustrate a method for protecting digital contentfrom illegal copy, utilizing some of the logical symbols and serialnumbers that are embedded to the recordable disc 1300. FIG. 11Aillustrates the encryption process and FIG. 11B illustrates thedecryption process that takes place whenever the recorded content isread from the copy protected disc.

The encryption process starts in step 1100 of FIG. 11A in which thefalse Track Descriptors and Custom Information are read from the firstpre-gap of the disc (field 1331 in FIG. 13B). In step 1101 the uniqueSerial#A of the disc is read from the Track Program Area of the firsttrack on the disc, field 1341. In step 1102 the unique Serial#B of thedisc is read from the Track Program Area of the first track on the disc,1341, and in step 1103 an encryption key is calculated using some, orall, of the information that was read in steps 1000 to 1002. In step1104 the digital content that needs to be protected is encrypted usingthe encryption key that is calculated in step 1103, and in step 1105 theencrypted content is written to the recordable area of the disc, field1302, in an additional session.

FIG. 11B illustrates the decryption process that takes place whenevercontent is read from the disc. In step 1110 the required content isread. In step 1111 the false Track Descriptors and Custom Informationare read from the first Pre-Gap of the disc (field 1331 in FIG. 13B). Instep 1112 the unique Serial#A of the disc is read from the Track ProgramArea of the first track of the disc, field 1341. In step 1113 the uniqueSerial#B of the disc is read from the Track Program Area of the firsttrack of the disc, 1341. In step 1114 the decryption key is calculatedusing the information that was read in steps 1111 to 1113. In step 1115the digital content that is read in step 1110 is decrypted using thedecryption key that was calculated in step 1114. If the disc is a copythen the false Tack Descriptors and the Custom Information should notexist in the first pre-gap of the disc, and the Serial#B should notexist on the disc as well. Therefore, the decryption key that iscalculated in step 1114 should be the wrong key and therefore theprotected content can not be decrypted properly in such case. On theother hand, if the disc is an original, the right decryption key iscalculated in step 1114, and thus the content can be decrypted properly.

The generation of the encryption key and decryption key performed insteps 1103 and 1114 is carried out utilizing some or all of the valuesthat were previously obtained (i.e., serial#A, serial#B, false TrackDescriptors, and Custom Information) by utilizing mathematical and/orlogical operations, and/or by utilizing some predetermined sequence ofpermutations acted on said values or on the result of a mathematicaland/or logical operations performed upon them.

FIG. 8A schematically illustrates the architecture of a computer systemthat contains a content protection driver 813. The computer's memory 810holds the operating system software. Any operating system softwareconsists of two main components that manage the access of applications811 to I/O devices 816. The first component is the Operating System'sI/O API's 812 (Input/Output Application Interfaces), and the secondcomponent is the Operating System's device drivers 814. In a typicalOperating System, running application 811, uses the Operating System'sI/O API's 812 to perform Input/Output operations from/to I/O devices816, via I/O controllers 815. The Operating System's I/O API's 812 usesthe Operating System's device drivers 814, to perform the actualInput/Output tasks. Each driver has its own I/O procedures that matchesto the device that it manages.

The content protection driver 813 is installed between the OperatingSystem's I/O API's 812 and the Operating System's device drivers 814, insuch a way that it is able to intercept any I/O operations and datatransfers that are carried out between the I/O devices 816 and thecomputer memory 810. The placing of the content protection driver 813 insuch manner is also termed Hooking.

FIG. 8B illustrates the installation procedure of the content protectiondriver 813 into the computer Operating System. In step 800, theinstallation procedure checks if there are any supported I/O devices 816in the computer system. If there are no supported I/O devices 816, theinstallation procedure of the content protection driver 813 is abortedin step 801, otherwise, if there are supported I/O devices 816, thecontrol is transferred to step 802. In step 802 the installationprocedure Hooks the operating system's I/O API 812 to the installedcontent protection driver 813. After the operating system's I/O API's812 are hooked to the content protection driver 813, any I/O requestfrom any application 811 is addressed through the I/O routines of the OSand the content protection driver 813, instead of addressing the OSDevice Drivers 814.

It should be noted that the content protection driver 813 is actually aprogram file that can be stored on the protected medium itself or on adifferent medium. The installation process is initiated by running thisprogram file.

In step 803 it is checked if there is a medium present in each of theexisting supported I/O devices 816. If there is no medium present thecontrol is transferred to step 809 in which a flag (No_Decrypt) is setto indicate that there is no need to decrypt the content that is beingread from the specific I/O device. The operation continues as thecontrol is passed from step 809 to the content protection driver's mainloop through {circle around (2)}.

If it is determined in step 803 that a medium is present in one of thesupported I/O devices 816, the control is passed to step 804. In step804 it is checked if the content on the medium is encrypted. This checkis dependent on the medium type. In case of a CD, it is done by readingthe CD frame at the relative address 00:02:16 of the first track. As wasexplained before, according to the encryption process of the presentinvention this CD frame is used for storing an Identification Mark, infields that are unused according to the ISO 9660 standard. The existenceof the Identification Mark indicates that the medium is protected andits content is encrypted. If the content on the medium is not encrypted,then there is no need to perform decryption of the stored content thatis read from the specific I/O device and the control is passed to step809. If the content is encrypted, the process continues in step 805,wherein an authentication test is performed to determine if the mediumis an original or not. The authentication test is also dependent on themedium type. In case of a recordable CD this authentication test can beone of the authentication tests of the present invention, illustrated inFIGS. 9, 10A and 10B.

In step 806 the result of the authentication test of step 805 ischecked. If it is determined in step 806 that the medium is not anoriginal, the decryption of the content that is read from the specificI/O device should not be decrypted, and the control is passed to step809. Otherwise, if it is determined in step 806 that the medium is anoriginal, the control is passed to step 807, wherein the appropriatedecryption keys are read from the medium. Then the control is passed tostep 808, which resets the No_Decrypt flag to indicate that the contentthat is read from the specific I/O device need to be decrypted. Thecontrol is then passed to the main loop through {circle around (2)}. Thedecryption keys required to decrypt the protected content are stored onthe storing media in predetermined locations which are determinedaccording to the storing media that is being used. For example in a CDencryption keys may be calculated using the values of Serial#A andSerial#B, and the Custom Information in the pre-gap.

FIG. 8C illustrates the process carried out by the main loop of thecontent protection driver 813. In step 831 the process enters a waitstate, until an I/O event that is generated by an I/O operation isidentified using the Hooks that were set up in step 802. When an I/Oevent is generated, the control is passed to step 832, in which it ischecked if the event is generated due to a new medium that was insertedto one of the supported I/O devices 816. If a new medium was inserted,the control is passed to step 838 in which it is checked if the newinserted medium is protected. The test performed in step 838 isidentical to the test performed in step 804. If the medium is notprotected then the control is passed to step 843 wherein the NO_Decryptflag is set to indicate that there is no need to decrypt the contentthat is read from the specific I/O device. The control is then passed tostep 831 in order to wait for the next I/O event.

If it is determined in step 838 that the new inserted medium isprotected, then the control is passed to step 839, in which anauthentication test is performed on the medium. The test in step 839 isidentical to the test preformed in step 805 in FIG. 8B. The results ofthis authentication test are checked in step 840, and if it isdetermined that the medium is not an original, then there is no need todecrypt the content that is read from the specific medium and thecontrol is passed to step 843. Otherwise, if it is determined that themedium is an original, the control is passed to step 841 in which theappropriate decryption keys are read from the medium. In the next step,842, the No_Decrypt flag is reset to indicate that the content that isread from the specific I/O device should be decrypted.

If it is determined in step 832 that new medium was not inserted, thenthe control is passed to step 833, in which it is checked if the eventwas generated due to of an intercepted write operation, and if it is so,then the control is passed to the write procedure (shown in FIG. 8D)through {circle around (3)}. Otherwise, if it determined that the eventwas not generated due to an intercepted write operation, then thecontrol is passed to step 834 in which it is checked if the event wasgenerated due to an intercepted read operation.

If it is determined in step 834 that the event was not generated due toan intercepted read operation, then the control is returned to step 831,in which the process enters a wait state, and waits for the next event.If it is determined in step 834 that the event was generated due to anintercepted read operation, the control is passed to step 835, in whichit is checked if the read content should be decrypted by checking thestate of the No_Decrypt flag of the specific I/O device. If decryptionshould not be preformed (No_Decrypt=“1”), then the control is returnedto step 831, for waiting for the next event. Otherwise, If decryptionshould be preformed (No_Decrypt=“0”), then the control is passed to step836 in which the read content is decrypted. The process proceeds in step837, in which a CRC code for the read content is calculated, and the CRCresult is then stored in the computers memory. This step also manages alist of CRC codes of all the content that was read in the recent readoperations. Finally, the control is returned to step 831 that waits forthe next event.

FIG. 8D illustrates the write procedure that is initiated in step 833(FIG. 8C). In step 841 the CRC code of the content that is about to bewritten is calculated, And in step 842 it is checked if the calculatedCRC code obtained in step 841 equals to one of the CRC codes that werecalculated for the content that was read in the recent read operations.It is done by checking the CRC Codes in the list that is managed in step837 in FIG. 8C. If the calculated CRC equals to one of the CRC values inthe list, then the control is passed to step 844 that destroy thecontent that is about to be written by overwriting it with meaninglessrandom information.

If it is determined in step 842 that the calculated checksum that wasobtained does not equal to one of the checksums that were calculated forthe content that was read in the recent read operations, then thecontrol is passed to step 843, in which the write process is allowed tocontinue normally. Eventually, the control is passed back to step 831 inthe main loop of the content protection driver through {circle around(2)}.

The protection against copying of protected content can be furtherimproved to prevent such copying by any active process. For example,step 837 may include setting a flag associated with the process whichinitiated the read event. In this way whenever a write operation isperformed by this process it can be prevented in step 842 by checkingthe status of the flag associated with process which initiated the writeevent. A determination that the flag associated with process whichinitiated the write event is set “ON” will result in preventing thewrite operation in step 844. It should be noted that this additionalprotection can be used to prevent any output (e.g., print, paste, etc.)from the initiating process.

FIG. 14 is a flowchart illustrating a process for managing clients'distribution lists, that has in it the client's information, such as hisname and address, and the Serial#A of the pre-burned disc 1300 that thespecific client is about to receive. The system takes the client'sinformation from a clients list and creates for him a unique disc. Thesystem also adds to a list distributed discs, all the clients'information and the respective Serial#A code of the disc that wascreated for them. In step 1400, Serial#A is read from the pre-burneddisc 1300, and in step 1402 the information of the next client is readfrom the clients list. In step 1403 the Serial#A and the information ofthe client, that was read in step 1402, are added to the distributeddiscs list. In step 1404 the content to be protected is encrypted andwritten to the disc using the process illustrated in FIG. 11A. In step1409 it is checked if there are additional clients in the clients list.If not, the process ends, otherwise, the control is passed to step 1408in which the operator of the system is prompted to insert new recordabledisc 1300 to the recorder.

FIG. 15 illustrates a process for tracing pirates. Should an illegalcopy of a copy protected medium 1300 with serial numbers be found, it ispossible to use the protection method of the invention for tracing theowner of the original disc, from which the copy was made. The systemreads the Serial#A code from a copy of a serialized medium (i.e., whichwas copied from a protected disc 1300) and matches it to one of theclients in a distributed discs list. In step 1501 Serial#A code is readAnd in step 1502 the distributed discs list is scanned for a record witha matching Serial#A code. In step 1503 it is checked if a record with amatching Serial#A code was found during the scan in step 1502, suchrecord was not foun then it is determined that the copy was made using adisc that does not appear on the list of distributed discs and theprocess terminates. Otherwise, if a matching record was found, thecontrol is passed to step 1504 in which the information of the client isread from the matching record. The content owner can use thisinformation to identify the person who received a legitimate copy whichwas used to make at least one illegal copy.

FIG. 16 illustrates the use of the copy protection system of the presentinvention by any content owner that wants to protect its content formillegal copying. The content owner uses discs with pre-burnedinformation, as illustrated in FIG. 13. These discs are marked as item1600 in FIG. 16. These are the discs on which the content to beprotected 1601 will be recorded. The burning software 1602 uses theencryption process illustrated in FIG. 12A to encrypt the files to beprotected before writing them to each disc. The software can also usethe process illustrated in FIG. 14 if the content owner wish to managelists with tracking information. If the files (content) to be protectedare program files, then the program files can have the authenticationprocess illustrated in FIGS. 10A and 10B integrated into them. Thisauthentication process determines if the disc is original or not,accordingly the execution of each program is terminated or continued. Ifthe files to be protected are content files other than programs, thenthe files are simply encrypted utilizing the encryption keys establishedfrom each disc (Track Descriptors and Custom Information in the firstPre-Gap and the serial numbers Serial#A and Serial#B, as explained usingFIG. 12A). The result of the process are discs with encrypted contentwritten to what was the recordable area before the process began (field1302 in FIG. 13). In order to use the encrypted files on the recordeddiscs, each user will have to install the content protection driver onhis computer if it is not already installed. The content protectiondriver is not needed in case the protected files are program files, thatcan perform the authentication process and decryption routines bythemselves.

FIG. 17 schematically illustrates the structure of a Virtual DigitalHologram (VDH), that can be used for authenticating a digital storagemedium. Storage mediums are divided into information blocks, also knownas sectors, which allow efficiently reading the stored information. Eachsector has a unique identifying address. With this identifying addressit is possible to access a specific sector and read its content.

The VDH section of the storage medium comprises several consecutiveinformation blocks (sectors), which are divided into 2 parts (FIG. 17,Physical part 1 and Physical part 2). The first part of the VDH includesinformation blocks having addresses RB1, RB1+1, . . . , RB1+4. Thesecond part of the VDH includes a set of overlapping information blockswith the same addresses RB1, RB1+1, . . . , RB1+4. The overlapping ofinformation blocks is realized whenever two or more information blockson the same medium share the same identifying address. Although theoverlapping information blocks have the same address, they containdifferent information, so that the overlapping information blocks areactually distinct blocks according to their content. VDH can beimplemented on recordable or non-recordable media, provided that themedia is divided into information blocks having unique identifyingaddresses.

For example, on a CD, each CD Frame has its address written in 3different locations: in the ATIME and RTIME of the Q sub channel asshown in FIG. 4, and also in the Header that is presented as block 112in FIG. 1. In order to create a VDH on a CD, these 3 locations in eachoverlapping CD Frame must be changed accordingly to indicate therespective identifying address.

The 2 parts of the VDH appear to the reading drive as one virtual partthat contain unstable information (e.g., Virtual Block 1 to VirtualBlock 4). When the reading drive receives from an application a requestto read the content of an information block found in the VDH, the drivemay detect 2 different information blocks with an address that matchesthe address of the requested information. In that case, the drive willaccess the information block that is physically closest to the locationof the drive's reading head. The greater the difference between thedistances of the overlapping information blocks from the reading head,the higher the probability that the drive will actually read the nearestinformation block. If the difference between those 2 distances is minoror zero, then it is unpredictable which of the information blocks willbe read.

Making a copy of any digital medium involves 2 basic operations: readingfrom the source medium and then writing to the target medium. Any copyof a storage medium containing a VDH, will necessarily lack the VDHcontained on the source medium. During the reading process, eachinformation block is read and then written to the target medium.However, in the area where the VDH is located there are 2 sets ofinformation blocks (overlapping blocks) that appear as one. When readingthis area, only one information block of each set of overlapping blockswill be read and then written to the source. As a result, the targetmedium will contain in the VDH area only the read information blockswithout their overlapping information blocks of the VDH area of thesource medium.

There is no way to know for sure which of the overlapping informationblocks will actually be copied to the VDH area on the target medium, butthe information in this area will necessarily be stable. This means thatwhenever an application requests the drive to read the content of aninformation block from a copied medium, the same information block willbe read regardless of the drives' reading head's location.

FIG. 18 illustrates a process for authenticating a digital medium thatcontains a VDH. This authenticating process attempts to read theinformation blocks (sectors) of the VDH area twice, once “forward” e.g.,starting from RB1 and continuing to RB1+1, . . . , RB1+4 and ending inRB2, and once “backwards” e.g., starting from RB2 and continuing toRB1+4, . . . , RB1+1 and ending in RB1.

In step 1800, the first Reset Block (RB1) is read, which is the firstsector before the VDH area. Reading this sector brings the drive'sreading head to the beginning of the first part of the VDH, wherein thefirst overlapped sector RB1+1 is located. In step 1801, the next sectoris read, which is actually the first overlapped sector RB1+13. In step1802, a CRC code is calculated for the information read in step 1801,the CRC code is stored in the computer's memory. In step 1803 it ischecked if the sector read in step 1801 is the last sector of the firstblock i.e., RB1+4. If it is determined that the read sector is not thelast sector of the first part, the control is passed to step 1801.Otherwise, the control is passed to step 1804.

In step 1804 the next sector is read i.e., RB2(=RB1+5). In step 1805,the previous sector is read (e.g., RB1+4), and in step 1806, a CRC codeis calculated for the information read in step 1805. In step 1807, theCRC code calculated in step 1806 is compared to the CRC calculated instep 1802 for the same sector (e.g., RB1+4). If the 2 codes are notequal, then it is assumed that an overlapping sector pair was detected,because different information was read from the same sector addresses intwo different read operations. In this case, it is concluded that themedium is original and the process is terminated. In case that the CRCcodes compared in step 1807 are equal, then the control is passed tostep 1808.

In step 1808 it is checked if the sector that was read in step 1805 isthe first sector of the VDH, RB1+1. If it is not the first sector RB1+1of the VDH, the control is passed to step 1805 for processing theprevious sector. Otherwise, if the first sector RB1+1 is reached, it isconcluded that the medium does not contain the VDH, because nooverlapping sector pair was detected, and therefore, the medium is acopy.

1. A method for preventing the illegal copying of a copy protectedcontent by a computerized system, comprising: a) installing a driver inthe operating system of said computerized system, where said driver iscapable of intercepting any attempt of the I/O routines of saidoperating system to access the device drivers of said Operating System;b) whenever an attempt to read data from said device drivers isintercepted performing the following steps: b.1) performing anauthentication test to determine if the accessed device contain anoriginal copy, and if it is determined that the accessed device containan illegal copy terminating the requested I/O operation; b.2) if it isdetermined that the accessed device contains an original copy allowingaccess to said device and calculating and storing in the memory of saidcomputerized system the CRC codes of the data read from said device; c)whenever an attempt to write data to said device drivers is interceptedperforming the following steps: c.3) calculating CRC code of the data tobe written to said device; c.4) if the calculated CRC code equals to oneof the CRC codes that were previously stored in the memory of saidcomputerized system terminating said write data attempt; and c.5) if thecalculated CRC code does not equal to any one of the CRC codes that werepreviously stored in the memory of said computerized system allowingsaid write data to be performed.
 2. A method according to claim 1,wherein the data stored on the I/O devices is stored in an encryptedform.
 3. A method according to claim 2, further comprising decryptingthe encrypted data whenever it is determined that the accessed devicecontains an original copy.
 4. A method according to claim 3, wherein thedecryption keys are obtained from the I/O device from which theencrypted data was read.
 5. A method according to claim 1, furthercomprising: setting a flag to a logical ON state whenever an attempt toread data from the device driver is intercepted, where said flag isgenerally in a logical OFF state and it is associated with the processthat initiated said read attempt; and checking the status of the flagassociated with a process attempting to output data and preventing saiddata output if said flag is in the logical ON state.
 6. A method forprotecting content stored on a recordable CD, comprising: a) reading thevalues of the disc ID and the Lead-in start time from said recordableCD; b) generating an encryption key from said read values; c) encryptingthe content that should be stored on said CD using said encryption keyand writing the encrypted content to the recordable CD; d) wheneverattempting to read the content of a CD carrying out the following steps:d.1) reading the values of the disc ID and the Lead-in start time fromsaid CD; d.2) generating a decryption key from said read values; andd.3) decrypting the content of said CD with said decryption key.
 7. Amethod according to claim 6, wherein the same key is used for carryingout the encryption and the decryption of the protected content.
 8. amethod for protecting the content stored on a recordable CD, comprising:a) recording on said CD a first session including one or more Tracks,each of which includes unique and/or nonstandard data structures; b)recording on said CD the protected contented in a concealed form and anauthentication module capable of determining the existence ornon-existence of said unique and/or nonstandard data structures andcapable of accessing the concealed content and reveal its content; andc) activating said authentication module whenever attempting to accesssaid CD, and if said unique and/or nonstandard data structures are foundon said CD allowing said concealed content to be revealed and accessed.9. A method according to claim 8, wherein the unique and/or nonstandarddata structures comprise Rom Sync Shifts.
 10. A method according toclaim 8, wherein the unique and/or nonstandard data structures compriseDigital Silence.
 11. A method according to claim 8, wherein the uniqueand/or nonstandard data structures comprise Link Blocks.
 12. A methodaccording to claim 8, wherein said unique and/or nonstandard datastructures comprise Predetermined Rom Skew values.
 13. A methodaccording to claim 8, further comprising storing unique serial numbersin predetermined locations within the one or more Tracks, comprising: a)one or more unique copy-seal serial numbers, which are stored inpredetermined locations in the User Data of predetermined data frameswithin said Tracks; and b) one or more unique copy-authentication serialnumbers which are stored in predetermined locations in the Sub Channelsof predetermined data frames within said Tracks.
 14. A method accordingto claim 13, wherein the copy-seal and/or copy-authentication serialnumbers are used to identify the original copy of the protected contentwhich was used for the copying of a pirate copy.
 15. A method accordingto claim 13, wherein the bits of the copy-authentication serial numbersare stored in the Copy Permit/Prohibit bit of the Q Sub-Channel of asequence of predetermined data frames within the one or more Tracks. 16.A method for preventing the illegal copying of a copy protected contentby a computerized system comprising: setting a flag to a logical ONstate whenever an active process attempts to read data from saidcontent, where said flag is generally in a logical OFF state and it isassociated with said process; and checking the status of the flagassociated with a process attempting to output data and preventing saiddata output if said flag is in the logical ON state.
 17. A copyprotected recordable CD, comprising: a) a pre-burned session comprisingone or more Tracks; b) unique and/or nonstandard data structures in theUser Data field and/or the Sub Channels of predetermined frames withinsaid Track, where only portion of said data structures can be copied byconventional recorders; c) one or more additional sessions comprisingcontent encrypted by an encryption key which is generated from valuesobtained from said data structures; and d) a software module capable ofidentifying the existence or non-existence of said data structures inthe first session of a CD and determining if said CD is an original or acopy, whenever an original CD determination is obtained said softwaremodule generates a decryption key from values obtained from said datastructures and decrypts the content of said additional sessions.
 18. Acopy protected recordable CD according to claim 17, wherein the one ormore Tracks are recorded in different Subcode Formats.
 19. A copyprotected recordable CD according to claim 17, wherein the unique and/ornonstandard data structures comprise Rom Sync Shifts.
 20. A copyprotected recordable CD according to claim 17, wherein the unique and/ornonstandard data structures comprise Digital Silence.
 21. A copyprotected recordable CD according to claim 17, wherein the unique and/ornonstandard data structures comprise Link Blocks.
 22. A copy protectedrecordable CD according to claim 17, wherein said unique and/ornonstandard data structures comprise Predetermined Rom Skew values. 23.A copy protected recordable CD according to claim 17, further comprisingstoring unique serial numbers in predetermined locations within the oneor more Tracks, comprising: a) one or more unique copy-seal serialnumbers, which are stored in predetermined locations in the User Data ofpredetermined data frames within said Tracks; and b) one or more uniquecopy-authentication serial numbers which are stored in predeterminedlocations in the Sub Channels of predetermined data frames within saidTracks.
 24. A copy protected recordable CD according to claim 23,wherein the copy-seal and/or copy-authentication serial numbers are usedto identify the original copy of the protected content which was usedfor the copying of a pirate copy.
 25. A copy protected recordable CDaccording to claim 23, wherein the bits of the copy-authenticationserial numbers are stored in the Copy Permit/Prohibit bit of the QSub-Channel of a sequence of predetermined data frames within the one ormore Tracks.
 26. A copy protected recordable CD according to claim 17comprising a pre-burned session comprising one or more Tracks includingpredetermined locations within the one or more Tracks, comprising: a)one or more unique copy-seal serial numbers, which are stored inpredetermined locations in the User Data of predetermined data frameswithin said Tracks; and b) one or more unique copy-authentication serialnumbers which are stored in predetermined locations in the Sub Channelsof predetermined data frames within said Tracks.
 27. a method forproducing a copy protected storage medium, comprising: a) writing datainto a first set of a predetermined number of consecutive sectors havingconsecutive addresses; and b) following said first set, writingdifferent data into a second set of the same predetermined number ofconsecutive sectors having the same consecutive addresses as said firstset, such that any attempt to copy said medium results in copying onlyone of said sets.
 28. a method for producing a copy protected storagemedium, comprising: a) designating a sector address as a startinglocation for writing authenticating data sectors; b) following saidstarting location writing data into a first set of a predeterminednumber of consecutive sectors having consecutive addresses; c) followingsaid first set, writing different data into a second set of the samepredetermined number of consecutive sectors having the same consecutiveaddresses as said first set; and d) following said second set,designating a sector as an ending location and setting the address ofsaid sector to the consecutive address following said first set, suchthat any attempt to copy said medium results in copying said startinglocation sector, one of said sets, and said ending location sector. 29.a method according to claim 28, further comprising authenticating astorage medium by performing the following steps: a) reading the data ofthe first set of sectors and producing an identifier for each readsector; b) reading the ending location sector; c) reading the sectorspreceding said ending location sector in a descending order, producingan identifier for each read sector, and comparing said identifier to theidentifier previously produced for the corresponding sector in saidfirst set; d) indicating that the storage medium is original whenever itis determined that the identifiers which were produced for correspondingsectors mismatch, and if it is determined that said identifiers matchindicating said medium being a copy.